Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use byte arrays where possible #49

Merged
merged 1 commit into from
Jun 21, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Mark CTAP2 request and response types as non-exhaustive where possible
- Use references where possible
- Put uncommon fields in `get_info` behind `get-info-full` feature flag and add fields for CTAP 2.1
- Use byte arrays instead of slices or Bytes<_> where possible

[#8]: https://github.com/trussed-dev/ctap-types/pull/8
[#9]: https://github.com/solokeys/ctap-types/issues/9
Expand Down
37 changes: 12 additions & 25 deletions src/ctap1.rs
Original file line number Diff line number Diff line change
Expand Up @@ -15,8 +15,8 @@ pub mod authenticate {
#[derive(Clone, Debug, Eq, PartialEq)]
pub struct Request<'a> {
pub control_byte: ControlByte,
pub challenge: &'a [u8],
pub app_id: &'a [u8],
pub challenge: &'a [u8; 32],
pub app_id: &'a [u8; 32],
pub key_handle: &'a [u8],
}

Expand All @@ -33,8 +33,8 @@ pub mod register {

#[derive(Clone, Debug, Eq, PartialEq)]
pub struct Request<'a> {
pub challenge: &'a [u8],
pub app_id: &'a [u8],
pub challenge: &'a [u8; 32],
pub app_id: &'a [u8; 32],
}

#[derive(Clone, Debug, Eq, PartialEq)]
Expand All @@ -50,33 +50,20 @@ pub mod register {
pub fn new(
header_byte: u8,
public_key: &cosey::EcdhEsHkdf256PublicKey,
key_handle: &[u8],
key_handle: Bytes<255>,
signature: Bytes<72>,
attestation_certificate: &[u8],
attestation_certificate: Bytes<1024>,
) -> Self {
debug_assert!(key_handle.len() <= 255);
debug_assert!(attestation_certificate.len() <= 1024);
debug_assert!(signature.len() <= 72);

let mut public_key_bytes = Bytes::new();
let mut key_handle_bytes = Bytes::new();
let mut cert_bytes = Bytes::new();

public_key_bytes.push(0x04).unwrap();
public_key_bytes.extend_from_slice(&public_key.x).unwrap();
public_key_bytes.extend_from_slice(&public_key.y).unwrap();

key_handle_bytes.extend_from_slice(key_handle).unwrap();

cert_bytes
.extend_from_slice(attestation_certificate)
.unwrap();

Self {
header_byte,
public_key: public_key_bytes,
key_handle: key_handle_bytes,
attestation_certificate: cert_bytes,
key_handle,
attestation_certificate,
signature,
}
}
Expand Down Expand Up @@ -196,8 +183,8 @@ impl<'a, const S: usize> TryFrom<&'a iso7816::Command<S>> for Request<'a> {
return Err(Error::IncorrectDataParameter);
}
Ok(Request::Register(Register {
challenge: &request[..32],
app_id: &request[32..],
challenge: (&request[..32]).try_into().unwrap(),
app_id: (&request[32..]).try_into().unwrap(),
}))
}

Expand All @@ -213,8 +200,8 @@ impl<'a, const S: usize> TryFrom<&'a iso7816::Command<S>> for Request<'a> {
}
Ok(Request::Authenticate(Authenticate {
control_byte,
challenge: &request[..32],
app_id: &request[32..64],
challenge: (&request[..32]).try_into().unwrap(),
app_id: (&request[32..64]).try_into().unwrap(),
key_handle: &request[65..],
}))
}
Expand Down
2 changes: 1 addition & 1 deletion src/ctap2.rs
Original file line number Diff line number Diff line change
Expand Up @@ -206,7 +206,7 @@ pub trait SerializeAttestedCredentialData {

#[derive(Clone, Debug, Eq, PartialEq)]
pub struct AuthenticatorData<'a, A, E> {
pub rp_id_hash: &'a [u8],
pub rp_id_hash: &'a [u8; 32],
pub flags: AuthenticatorDataFlags,
pub sign_count: u32,
pub attested_credential_data: Option<A>,
Expand Down
18 changes: 7 additions & 11 deletions src/ctap2/credential_management.rs
Original file line number Diff line number Diff line change
@@ -1,17 +1,13 @@
use cosey::PublicKey;
use serde_bytes::ByteArray;
use serde_indexed::{DeserializeIndexed, SerializeIndexed};
use serde_repr::{Deserialize_repr, Serialize_repr};

use crate::{
webauthn::{
PublicKeyCredentialDescriptor, PublicKeyCredentialDescriptorRef,
PublicKeyCredentialRpEntity, PublicKeyCredentialUserEntity,
},
Bytes,
use crate::webauthn::{
PublicKeyCredentialDescriptor, PublicKeyCredentialDescriptorRef, PublicKeyCredentialRpEntity,
PublicKeyCredentialUserEntity,
};

type Bytes32 = Bytes<32>;

#[derive(Copy, Clone, Debug, Default, Eq, PartialEq, Serialize_repr, Deserialize_repr)]
#[repr(u8)]
pub enum CredentialProtectionPolicy {
Expand Down Expand Up @@ -40,7 +36,7 @@ pub enum Subcommand {
pub struct SubcommandParameters<'a> {
// 0x01
#[serde(skip_serializing_if = "Option::is_none")]
pub rp_id_hash: Option<&'a serde_bytes::Bytes>,
pub rp_id_hash: Option<&'a ByteArray<32>>,
// 0x02
#[serde(skip_serializing_if = "Option::is_none")]
pub credential_id: Option<PublicKeyCredentialDescriptorRef<'a>>,
Expand Down Expand Up @@ -86,7 +82,7 @@ pub struct Response {
pub rp: Option<PublicKeyCredentialRpEntity>,
// 0x04
#[serde(skip_serializing_if = "Option::is_none")]
pub rp_id_hash: Option<Bytes32>,
pub rp_id_hash: Option<ByteArray<32>>,
// 0x05
#[serde(skip_serializing_if = "Option::is_none")]
pub total_rps: Option<u32>,
Expand All @@ -110,5 +106,5 @@ pub struct Response {
pub cred_protect: Option<CredentialProtectionPolicy>,
// 0x0B
#[serde(skip_serializing_if = "Option::is_none")]
pub large_blob_key: Option<Bytes<32>>,
robin-nitrokey marked this conversation as resolved.
Show resolved Hide resolved
pub large_blob_key: Option<ByteArray<32>>,
}
3 changes: 2 additions & 1 deletion src/ctap2/get_assertion.rs
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
use crate::{Bytes, Vec};
use cosey::EcdhEsHkdf256PublicKey;
use serde::{Deserialize, Serialize};
use serde_bytes::ByteArray;
use serde_indexed::{DeserializeIndexed, SerializeIndexed};

use super::{AuthenticatorOptions, Result};
Expand Down Expand Up @@ -90,7 +91,7 @@ pub struct Response {
/// A key that can be used to encrypt and decrypt large blob data.
/// See https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html#sctn-getAssert-authnr-alg
#[serde(skip_serializing_if = "Option::is_none")]
pub large_blob_key: Option<Bytes<32>>,
pub large_blob_key: Option<ByteArray<32>>,
}

#[derive(Debug)]
Expand Down
3 changes: 2 additions & 1 deletion src/ctap2/make_credential.rs
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
use crate::{Bytes, String, Vec};

use serde::{Deserialize, Serialize};
use serde_bytes::ByteArray;
use serde_indexed::{DeserializeIndexed, SerializeIndexed};

use super::{AuthenticatorOptions, Error};
Expand Down Expand Up @@ -108,7 +109,7 @@ pub struct Response {
#[serde(skip_serializing_if = "Option::is_none")]
pub ep_att: Option<bool>,
#[serde(skip_serializing_if = "Option::is_none")]
pub large_blob_key: Option<Bytes<32>>,
pub large_blob_key: Option<ByteArray<32>>,
}

#[derive(Debug)]
Expand Down
1 change: 1 addition & 0 deletions src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ pub use heapless;
pub use heapless::{String, Vec};
pub use heapless_bytes;
pub use heapless_bytes::Bytes;
pub use serde_bytes::ByteArray;

pub mod authenticator;
pub mod ctap1;
Expand Down
Loading